Date: Mon, 09 Jul 2012 00:52:05 -0700 From: Doug Barton <dougb@FreeBSD.org> To: Avleen Vig <avleen@gmail.com> Cc: =?ISO-8859-1?Q?Dag-Erling?=, "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, =?ISO-8859-1?Q?_Sm=F8rgrav?= <des@des.no>, Garrett Wollman <wollman@bimajority.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: Replacing BIND with unbound (Was: Re: Pull in upstream before 9.1 code freeze?) Message-ID: <4FFA8DA5.6020300@FreeBSD.org> In-Reply-To: <CAMjP1K=b8mwqe31m=OqjUV%2BF=B85L4vpfT%2BDj00a1voPB-8TwA@mail.gmail.com> References: <CA%2BQLa9B-Dm-=hQCrbEgyfO4sKZ5aG72_PEFF9nLhyoy4GRCGrA@mail.gmail.com> <4FF2E00E.2030502@FreeBSD.org> <86bojxow6x.fsf@ds4.des.no> <89AB703D-E075-4AAC-AC1B-B358CC4E4E7F@lists.zabbadoz.net> <4FF8C3A1.9080805@FreeBSD.org> <20472.51031.308284.775990@hergotha.csail.mit.edu> <4FF8C890.9030408@FreeBSD.org> <CAMjP1KmVDJuKw09UFXb2M6QaL1dD1ocSjMOZLtjKiYFYoF9f4Q@mail.gmail.com> <4FFA7174.7050604@FreeBSD.org> <CAMjP1K=MahXEgHM-gKHFfDpQRDXY_0LGTn0JEE0Zm43%2Bh5jfPA@mail.gmail.com> <4FFA7980.4000707@FreeBSD.org> <CAMjP1K=b8mwqe31m=OqjUV%2BF=B85L4vpfT%2BDj00a1voPB-8TwA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 07/09/2012 00:34, Avleen Vig wrote:
> On Sun, Jul 8, 2012 at 11:26 PM, Doug Barton <dougb@freebsd.org> wrote:
>> On 07/08/2012 23:16, Avleen Vig wrote:
>>> On Sun, Jul 8, 2012 at 10:51 PM, Doug Barton <dougb@freebsd.org> wrote:
>>>> On 07/08/2012 22:43, Avleen Vig wrote:
>>>>> It would be silly not to keep bind-tools in base.
>>>>
>>>> Sounds easy, but not so much in practice. Keeping any of the code
>>>> doesn't solve the problem of the release cycles not syncing up. And for
>>>> the vast majority of users needs the tools we will import will be more
>>>> than adequate.
>>>
>>> The question I keep asking myself is:
>>> "Is this best for the users?"
>>
>> Carrying BIND code in the base that is past EOL is not good for the
>> users, period. Everything else we're discussing is an implementation
>> detail.
>
> I think the "everything else we're discussing is an implementation
> detail" is the part we'll have a problem with.
No doubt there will be some bumps in the road. That's why it is going to
be done in -current before 10-RELEASE, so that the bugs can be worked out.
> Although Garrett's reply to my email makes sense too.
>
>> That said, I still believe that our idea of what should, and should not
>> be, in the base system is seriously flawed, and needs to be completely
>> redone. But that's never going to happen, so I'm trying to work with
>> what we've got.
>
> Agreed. The idea of a "minimally functional system" itself might be
> flawed.
No, there are 2 questions. First, "What is a minimally functional
system?" and second, "How do we provide it?" Answering those questions
is beyond the scope of this thread.
> Do you consider having `dig` and `host` essential in a
> minimally functioning system? I do.
> It's pretty f'king hard to resolve problems with installing the
> bind-utils port, if you don't know how to test your DNS :-)
No one has said that we're going to leave the base without any tools.
Please actually read the entire thread before commenting further.
> Yes, I'm going to be a stickler and say that having EOL code in base
> isn't the end of the world.
Yours is a minority opinion.
> If there's a security vulnerability, sure, I understand that it might
> suck without support from ISC to patch dig/host/nslookup, but when was
> the last time that happened?
Those binaries are just wrappers to the BIND libs, which are upgraded
rather often when security vulnerabilities are found.
Up to this point I've tried to respond to your questions in the hopes
that answering them will serve to elucidate some of the details behind
what's going on here. At this point though I'm starting to repeat
myself. So if you have further questions I'd suggest that you read the
entire thread so far, and then do some research on your own to try and
understand the problem better.
After that, if you still disagree, voicing your concerns when Dag-Erling
has had a chance to get involved is probably your best bet.
Doug
--
This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FFA8DA5.6020300>